Skip to content

feat: add DD_ORG_UUID to datadog-agent-config crate#112

Open
jchrostek-dd wants to merge 5 commits intomainfrom
john/aws-auth
Open

feat: add DD_ORG_UUID to datadog-agent-config crate#112
jchrostek-dd wants to merge 5 commits intomainfrom
john/aws-auth

Conversation

@jchrostek-dd
Copy link
Copy Markdown
Contributor

@jchrostek-dd jchrostek-dd commented Apr 2, 2026

Summary

  • Adds DD_ORG_UUID (org_uuid) field to EnvConfig in the datadog-agent-config crate
  • Adds dd_org_uuid: String to the Config struct with an empty string default
  • Wires up the merge_string! so the env var is applied during config loading

Context

This field is needed to support delegated AWS authentication in the Lambda extension (DataDog/datadog-lambda-extension#1112). When DD_ORG_UUID is set, the extension uses AWS credentials to obtain a managed API key instead of requiring a static DD_API_KEY. Adding it to the shared crate makes it available to other consumers.

Test plan

  • Existing test_all_env_fields_wrong_type_fallback_to_default field-count guard updated
  • All 78 datadog-agent-config tests pass

🤖 Generated with Claude Code

litianningdatadog and others added 4 commits March 27, 2026 09:52
@litianningdatadog @claude
feat(lambda-lite): detect Lambda Lite environment and write mini agen…
745b234 
…t sentinel file (#81)

* Add .worktrees to .gitignore

Preparing for git worktree usage to enable isolated development
workspaces.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* feat(lambda-lite): detect Lambda Lite and write mini agent sentinel file

- Add `is_lambda_lite()` in http_utils to detect Lambda Lite via
  `AWS_LAMBDA_INITIALIZATION_TYPE=native-http`; includes unit tests for
  all env var states (native-http, on-demand, empty, unset)
- Write `/tmp/datadog/mini_agent_ready` sentinel on startup when running
  in Lambda Lite mode so dd-trace Node.js can switch from LogExporter
  (stdout) to AgentExporter (HTTP :8126)
- Refine release profile: use fat LTO, explicit symbol stripping, and
  `panic = "abort"` for smaller binary size

In standard Lambda, dd-trace detects a running agent via the Extension
path `/opt/extensions/datadog-agent`. Lambda Lite (web function /
native-http mode) does not populate this path, and `/opt` is read-only,
so the standard detection mechanism does not apply. Without an agent
signal, dd-trace falls back to LogExporter and writes traces to stdout
where they are silently dropped.

The sentinel file at `/tmp/datadog/mini_agent_ready` is written after
the mini agent binds to :8126. dd-trace (Node.js) checks this path via
`DATADOG_MINI_AGENT_PATH` in constants.js and switches to AgentExporter
(HTTP :8126) when the file is present. `/tmp` is used because it is the
only writable directory in Lambda Lite; the parent directory
`/tmp/datadog/` is created by the serverless-compat JS layer before
this binary is spawned.

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
@duncanpharvey
chore: update libdatadog rev to 8c88979985154d6d97c0fc2ca9039682981ea…
05e5c26 
…cad (#107)

* update libdatadog rev to 8c88979985154d6d97c0fc2ca9039682981eacad

* update licenses
@litianningdatadog @claude
ci: add Copilot instructions for PII and security review (#109)
e3c16ed 
Adds .github/copilot-instructions.md to guide GitHub Copilot auto-review
toward security-relevant patterns on every PR: PII in log statements,
unsafe Rust blocks without invariant documentation, and silently swallowed
errors in network/external-input code paths.

Jira: https://datadoghq.atlassian.net/browse/SVLS-8660

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
@litianningdatadog @claude
feat: add win32-ia32 and darwin-arm64 (macOS Apple Silicon) npm packa…
bb2532a 
…ges (#108)

Add two new platform targets to the datadog-serverless-compat CI pipeline:

- win32-ia32: 32-bit Windows build via native windows-2022 runner
  (i686-pc-windows-msvc, UPX-compressed)
- darwin-arm64: macOS Apple Silicon build via native macos-14 runner
  (aarch64-apple-darwin, no UPX — preserves Mach-O code signing)

Each platform adds a build step to build-datadog-serverless-compat.yml,
artifact download/processing in the package job, and an npm publish line
in the publish job of publish.yml.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
@jchrostek-dd jchrostek-dd requested a review from a team as a code owner April 2, 2026 23:44
Copilot AI review requested due to automatic review settings April 2, 2026 23:44
@jchrostek-dd jchrostek-dd requested a review from a team as a code owner April 2, 2026 23:44
@jchrostek-dd jchrostek-dd requested review from duncanista and duncanpharvey and removed request for a team and Copilot April 2, 2026 23:44
@jchrostek-dd @claude
feat: add DD_ORG_UUID to datadog-agent-config crate
685769a 
Adds the `DD_ORG_UUID` config field to the shared `datadog-agent-config`
crate to support delegated AWS authentication. When set, consumers can
use this field to auto-enable AWS credential-based auth instead of a
static API key.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 3, 2026 14:35
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for the DD_ORG_UUID environment variable to the datadog-agent-config crate, enabling delegated AWS authentication in the Lambda extension. When set, this field tells the extension to use AWS credentials to obtain a managed API key instead of requiring a static DD_API_KEY.

Changes:

  • Added org_uuid: Option<String> field to EnvConfig struct with DD_ORG_UUID environment variable binding
  • Added dd_org_uuid: String field to the Config struct with empty string default
  • Wired up config merging using the merge_string! macro to apply environment variable values
  • Updated tests to include the new field in both env config and expected config values

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
crates/datadog-agent-config/env.rs Added org_uuid field to EnvConfig, updated merge_config() to wire it up with the 4-argument merge_string! macro form, and updated tests with new field coverage
crates/datadog-agent-config/mod.rs Added dd_org_uuid: String field to Config struct and initialized with empty string default in Default impl
crates/datadog-agent-config/yaml.rs Updated test config to initialize the new dd_org_uuid field

@jchrostek-dd jchrostek-dd mentioned this pull request Apr 6, 2026
Merged
1 task
duncanpharvey
duncanpharvey reviewed Apr 8, 2026
View reviewed changes
Comment thread crates/datadog-agent-config/env.rs
pub api_security_sample_delay: Option<Duration>,
/// @env `DD_ORG_UUID`
///
/// The Datadog organization UUID. When set, delegated AWS auth is auto-enabled.
Copy link
Copy Markdown
Collaborator

@duncanpharvey duncanpharvey Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this will only be used by AWS for now, maybe this makes more sense to add in a Lambda specific config? See #111

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@duncanpharvey duncanpharvey duncanpharvey left review comments

Copilot code review Copilot Copilot left review comments

@duncanista duncanista Awaiting requested review from duncanista duncanista is a code owner automatically assigned from DataDog/serverless-aws

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jchrostek-dd @duncanpharvey @litianningdatadog